The noise floor measures 0.000000001 milliwatts, and the receiver's signal strength is -65 dBm. What is the Signal to Noise Ratio?
Correct Answer:
D
The signal to noise ratio (SNR) is a measure that compares the level of a desired signal to the level of background noise. SNR is defined as the ratio of signal power to the noise power, often expressed in decibels (dB). A high SNR means that the signal is clear and easy to detect or interpret, while a low SNR means that the signal is corrupted or obscured by noise and may be difficult to distinguish or recover [3]. To calculate the SNR in dB, we can use the following formula:
SNR (dB) = Signal power (dBm) - Noise power (dBm)
In this question, we are given that the noise floor measures -90 dBm (0.000000001 milliwatts) and the receiver's signal strength is -65 dBm (0.000316 milliwatts). Therefore, we can plug these values into the formula and get:
SNR (dB) = -65 dBm - (-90 dBm)
SNR (dB) = -65 dBm + 90 dBm
SNR (dB) = 25 dBm
Therefore, the correct answer is that the SNR is 25 dBm.
References:
[3] https://en.wikipedia.org/wiki/Signal-to-noise_ratio
DRAG DROP
A network administrator with existing IAP-315 access points is interested in Aruba Central and needs to know which license is required for specific features. Please match the required license per feature. (Matches may be used more than once.)
Solution:
a) Alerts on config changes via email - Foundation
b) Group-based firmware compliance - Foundation
c) Heat maps of deployed APs - Advanced
d) Live upgrades of an AOS10 cluster - Advanced
According to the Aruba Central Licensing Guide [1], the Foundation License provides basic device management features such as configuration, monitoring, alerts, reports, firmware management, etc. The Advanced License provides additional features such as AI insights, WLAN services, NetConductor Fabric, heat maps, live upgrades, etc.
[1] https://www.arubanetworks.com/techdocs/central/2.5.3/content/pdfs/licensing-guide.pdf
Does this meet the goal?
Correct Answer:
A
What does WPA3-Personal use as the source to generate a different Pairwise Master Key (PMK) each time a station connects to the wireless network?
Correct Answer:
A
The source that WPA3-Personal uses to generate a different Pairwise Master Key (PMK) each time a station connects to the wireless network is session-specific information (MACs and nonces). WPA3-Personal uses Simultaneous Authentication of Equals (SAE) to replace PSK authentication in WPA2-Personal. SAE is a secure key establishment protocol that uses a Diffie-Hellman key exchange to derive a shared secret between two parties without revealing it to an eavesdropper. SAE involves the following steps:
✑ The station and the access point exchange Commit messages that contain their MAC addresses and random numbers called nonces.
✑ The station and the access point use their own passwords and the received MAC addresses and nonces to calculate a shared secret called SAE Password Element (PE).
✑ The station and the access point use their own PE and the received MAC addresses and nonces to calculate a shared secret called SAE Key Seed (KS).
✑ The station and the access point use their own KS and the received MAC addresses and nonces to calculate a shared secret called SAE Key Confirmation Key (KCK).
✑ The station and the access point use their own KCK and the received MAC addresses and nonces to calculate a confirmation value called SAE Confirm.
✑ The station and the access point exchange Confirm messages that contain their SAE Confirm values.
✑ The station and the access point verify that the received SAE Confirm values match their own calculated values. If they match, the authentication is successful and the station and the access point have established a shared secret called SAE PMK.
The SAE PMK is different for each session because it depends on the MAC addresses and nonces that are exchanged in each authentication process. The SAE PMK is used as an input for the 4-way handshake that generates the Pairwise Temporal Key (PTK) for encrypting data frames.
The other options are not sources that WPA3-Personal uses to generate a different PMK each time a station connects to the wireless network because:
✑ Opportunistic Wireless Encryption (OWE): OWE is a feature that provides encryption for open networks without requiring authentication or passwords. OWE uses a similar key establishment protocol as SAE, but it does not generate a PMK. Instead, it generates a Pairwise Secret (PS) that is used as an input for the 4-way handshake that generates the PTK.
✑ Simultaneous Authentication of Equals (SAE): SAE is not a source, but a protocol that uses session-specific information as a source to generate a different PMK each time a station connects to the wireless network.
✑ Key Encryption Key (KEK): KEK is not a source, but an output of the 4-way handshake that generates the PTK. KEK is used to encrypt group keys that are distributed by the access point.
References:
https://www.wi-fi.org/discover-wi-fi/wi-fi-certified-6e
https://www.wi-fi.org/file/wi-fi-alliance-unlicensed-spectrum-in-the-us
https://www.cisco.com/c/en/us/products/collateral/wireless/catalyst-9100ax-access-points/wpa3-dep-guide-og.html
https://info.support.huawei.com/info-finder/encyclopedia/en/WPA3.html
https://rp.os3.nl/2019-2020/p99/presentation.pdf
What is a weakness introduced into the WLAN environment when WPA2-Personal is used for security?
Correct Answer:
C
The weakness introduced into the WLAN environment when WPA2-Personal is used for security is that the Pairwise Master Key (PMK) is derived from the Pre-Shared Key (PSK), a key that is shared between two parties before communication begins, and both are fixed. This means that all users who know the PSK can generate the PMK without any authentication process. It also means that if the PSK or PMK is compromised by an attacker, it can be used to decrypt all traffic encrypted with the Pairwise Temporal Key (PTK). The PTK is derived, using a Pseudo-Random Function (PRF), from the PMK, the ANonce, the SNonce, the AA and the SA. The Authenticator Nonce (ANonce) is a random number generated by the authenticator (a device that controls access to network resources, such as an AP). The Supplicant Nonce (SNonce) is a random number generated by the supplicant (a device that wants to access network resources, such as an STA). The Authenticator Address (AA) is the MAC address of the authenticator, and the Supplicant Address (SA) is the MAC address of the supplicant. The PTK consists of four subkeys: the Key Confirmation Key (KCK), used for message integrity check; the Key Encryption Key (KEK), used for encryption key distribution; the Temporal Key (TK), used for data encryption; and the Message Integrity Code (MIC) key.
The other options are not weaknesses because:
✑ It uses X.509 certificates generated by a Certification Authority: This option is false because WPA2-Personal does not use X.509 certificates or a Certification Authority for authentication. X.509 certificates and a Certification Authority are used in WPA2-Enterprise mode, which uses 802.1X and EAP for user authentication with a RADIUS server. Extensible Authentication Protocol (EAP) is an authentication framework that provides support for multiple authentication methods, such as passwords, certificates, tokens, or biometrics. EAP is used in wireless networks and point-to-point connections to provide secure authentication between a supplicant (a device that wants to access the network) and an authentication server (a device that verifies the credentials of the supplicant). Remote Authentication Dial-In User Service (RADIUS) is a network protocol that provides centralized authentication, authorization, and accounting (AAA) management for users who connect and use a network service.
✑ The Pairwise Temporal Key (PTK) is specific to each session: This option is false because PTK being specific to each session is not a weakness but a strength of WPA2-Personal. PTK being specific to each session means that it changes periodically during communication based on time or number of packets transmitted. This prevents replay attacks and increases security of data encryption.
✑ It does not use the WPA 4-Way Handshake: This option is false because WPA2-Personal does use the WPA 4-Way Handshake for key negotiation. The WPA 4-Way Handshake is a process that allows the station and the access point to exchange ANonce and SNonce and derive PTK from PMK. The WPA 4-Way Handshake also allows the station and the access point to verify each other's PMK and confirm the installation of PTK.
References:
https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access#WPA_key_hierarchy_and_management
https://www.cwnp.com/wp-content/uploads/pdf/WPA2.pdf
Which Aruba technology will allow for device-specific passphrases to securely add headless devices to the WLAN?
Correct Answer:
B
Multiple Pre-Shared Key (MPSK) is a feature that allows device-specific or group-specific passphrases to securely add headless devices to the WLAN. MPSK enhances the WPA2 PSK mode by allowing different PSKs for different devices on the same SSID. MPSK passwords can be generated or user-created and are managed by ClearPass Policy Manager [1][2].
The terms used above are defined as follows:
✑ WLAN (Wireless Local Area Network): a wireless computer network that links two or more devices using wireless communication to form a local area network (LAN) within a limited area such as a home, school, computer laboratory, campus, or office building.
✑ WPA2 PSK (Wi-Fi Protected Access 2 Pre-Shared Key): a method of securing your network using WPA2 with the use of the optional Pre-Shared Key (PSK) authentication, which was designed for home users without an enterprise authentication server.
✑ SSID (Service Set Identifier): a case-sensitive, 32 alphanumeric character unique identifier attached to the header of packets sent over a wireless local-area network (WLAN). The SSID acts as a password when a mobile device tries to connect to the basic service set (BSS), a component of the IEEE 802.11 WLAN architecture.
References:
[1] https://blogs.arubanetworks.com/solutions/simplify-iot-authentication-with-multiple-pre-shared-keys/
[2] https://www.arubanetworks.com/techdocs/ClearPass/6.8/Guest/Content/AdministrationTasks1/Configuring-MPSK.htm